Light Point Security: a Software 'Jail' for Malware?

Imagine browsing the Internet from your desktop without any of the content actually touching your computer.

That's what Light Point Security LLC allows users to do to protect their computers from Web-based malware, or malicious software, such as viruses and worms.

Former National Security Agency employees Zuly Gonzalez, 34 years old, and Beau Adkins, 33, started the business in 2010 after recognizing a need for software that could stop threats before they reached a computer. The duo's startup is one of the five remaining contenders for the title of "WSJ Startup of the Year" in an online documentary from The Wall Street Journal.

Light Point Security's software plugs into a user's Web browser, allowing the user to surf the Web normally but in the cloud. That means the browser is hosted on a server, as opposed to the user's computer. The software creates a virtual browsing session and then erases it when the user is done, deleting any potential malware along with it.

"We're isolating the threat in a jail," as Ms. Gonzalez puts it.

She and Mr. Adkins are selling their software, called Light Point Web Enterprise, for $65 a year per computer, a price they set after comparing it to other desktop security programs. They have three paying clients, plus five more in pilot programs.

Neither of the founders had started a company before, but Ms. Gonzalez said they developed a business plan while taking an entrepreneurship class at Johns Hopkins University. After developing a prototype of their software, they left defense-industry jobs and began building their startup from the basement of their suburban Baltimore home. Last November, they moved it to a business incubator at the University of Maryland, where they were accepted into a program dedicated to helping early-stage companies develop cybersecurity technology.

The pair initially self-financed their startup, but were approved for a $250,000 loan last month through a state loan program for small early-stage technology companies. They plan to spend it on product development and hire two developers.

Sharon Wienbar, a partner at Scale Venture Partners who helps mentor Light Point Security in the documentary, said she was impressed that the founders applied for the loan, rather than raising investment funding. "It showed a nice scrappiness in finding a nondilutive source of capital," Ms. Wienbar said.

Neither of the founders has a business background, but Ms. Gonzalez said she and Mr. Adkins have been learning about the startup life mostly from online sources, literature and their interactions with mentors who are working with them as part of the WSJ documentary. "A lot of it's been trial and error," she said.

One mistake they made early on, according to Ms. Gonzalez, was to assume their product would be attractive to consumers. After talking to dozens of people at a Boston conference for software startups, they realized that it appealed far more to businesses. As a result, they shifted focus to the business market and moved their Internet browsing system from the public cloud to company-owned servers.

The startup faces competition from a host of companies that offer products to detect malware, including big players like Symantec Corp. and Websense, according to Ms. Wienbar. But Mr. Adkins said he thinks his company has an edge because it isolates online threats in the cloud, as opposed to on a user's computer.

Light Point Security got its first customer, Barbara Hunt, chief executive and chief technology officer of online-security service CuttingEdge C.A. in Chantilly, Va., through a referral from the incubator. She said she chose to package its software with her NetAbstraction service—a cloud-based network used by businesses to protect intellectual property—because it is easy to use.

"What sets Light Point apart is its simplicity and the seamlessness of what it does," Ms. Hunt said, adding that her clients even requested that she put a green border around their computers' browsers so that they were able to tell when they were using the software.

The product currently only works with Mozilla's Firefox browser, which limits its appeal. The company's founders are working on a plug-in for Microsoft Corp.'s Internet Explorer and then will tackle Google Inc.'s Google Chrome. After that, they will turn to mobile browsing.

With only the two of them at the startup, however, Ms. Gonzalez said they are limited in the number of projects they can handle.

Am I right in thinking that this software does not really stop malware, but tries to contain it?

Their software on their server could still become infected with malware, but the scope of the damage that malware could have is limited to their system, not yours; then, once you are done browsing, that malware and all your content are presumably deleted. I see the potential for damage to you personally if their software is infected with malware while you are using it, the effects of which are not as long-lasting, but may be lasting enough to cause you damage.

There are a few trade-offs though in this scenario:

All your browsing activity (web sites you visit, passwords you enter, etc.) goes through their software; you should have a high degree of trust in them and the security of their software.

Once you are done browsing, they delete all your information; thus you lose state, so no more bookmarks, browser plug-ins, or saved-password features.

Hi, this is Zuly, one of the co-founders of Light Point Security. I would like to address comments that compare our product to sandboxes such as Sandboxie or the Chrome sandbox (formerly GreenBorder).

Sandboxes don't stop malware; they still allow the malware to run on your computer, but they use operating system constraints to try to limit the ability for malware to damage the system. These methods work as long as the malware plays by the rules of the operating system. There are many ways for malware to circumvent the sandbox, such as attacking the kernel. If that happens, the sandbox's security fails.

Our product isn't a sandbox. The significance of our software is that we keep all web content off of your computer. This keeps malware from ever getting a chance to attack your computer.
